The myths behind Linux security.
By Ell Marquez, Intezer
Some security personnel still believe that Linux is secure by default. Yet the prevalence of attacks on Linux environments has proven otherwise.
Attacks on these systems don’t seem to be slowing down anytime soon. According to recent research, there has been an increase of 40% in Linux malware families.
To mount a strong defense for our environments it’s critical to have a diverse pool of ideas to address new threats that are proliferating the Linux operating ecosystem. Only through new diverse ways of thinking can we begin to take the steps needed to mitigate the new techniques attackers are using. Read the full article.
Women in STEM: Advice from 6 tech leaders.
By Natalie Mangan, Inkhouse
The pandemic has been a catalyst for change in the workforce and today’s job market, as sectors like cybersecurity struggle with talent shortages. The field of STEM is more important now than ever, yet women only account for 28% of the STEM workforce. As young girls and women prepare to go back to school, and others consider career changes, I wanted to share words of advice from six security, engineering and software experts at organizations including AT&T Cybersecurity, Raytheon, Code42, D2iQ, and Ground Labs.
Swati Shekhar, head of engineering, Ground Labs
“First and foremost, join STEM if and only if you truly enjoy it. Regardless of gender, everyone deserves the opportunity to pursue a career that motivates them and is personally fulfilling. If your passion is STEM, I advise gaining practical experience — do projects, tinker, build, prototype, test new technologies, spend time working both in a group and by yourself. Don’t wait for a degree or a job to describe a path for you; be ready to ‘engineer’ your own career path. And finally, identify your role models. A role model may be someone you know, but it can also be an individual you read about, or saw from afar who truly inspires you. Learn from them, but always apply what you learn analytically and critically to your unique situation.”
Bindu Sundaresan, director, AT&T Cybersecurity
“When I started in cybersecurity over two decades ago, I was often the only woman and woman of color in the room. Now, more diversity is represented in the industry, which makes me optimistic about the future for women not just in cybersecurity, but STEM overall.
My advice for women considering a career in STEM would be to not worry about breaking the norm. If you have an idea or observation, speak up, as diversity of thoughts are often the key to solving complex problems in the industry. Early on in the journey, find strong mentors that you can lean on for career opportunities, professional advice and expanding your skill set. With a bold mindset and strong allies, you’ll be set up for success in STEM.”
Jadee Hanson, CIO and CISO, Code42
“My advice to women who want to enter into STEM professions is to do something that scares you every day and to continue to educate yourself on the nuances of the field you would like to enter.
One thing that I see happen repeatedly is that women are outnumbered by men in the cybersecurity field and with the odds stacked against them, they either lose confidence, or they leave the field. We need to stop excluding this valuable group and encourage them. This is where I would like to encourage them to do the scary thing and soldier on with their work, question why a solution may not work and advocate for themselves. No matter how hard it seems at the moment, these instances of standing up for oneself is what builds a strong woman in cybersecurity. We just need to provide them with the tools they need to succeed in being team leaders.”
Teresa Shea, VP cyber offense and defense experts, CODEX, Raytheon Intelligence and Space
“Believe in yourself and your desire to make a difference in the world. It’s simple and I wholeheartedly believe that confidence and passion can convince people that you deserve a seat at the table - because you do! I’ve been in the cybersecurity industry for over three decades, I’ve made mistakes, and I’m sure I’ve been doubted just like everyone else, but I worked hard and never gave up on what I believed in.
When I was in high school, I knew math wasn’t a common thing for women to be keen on - at least that's what I perceived. As I graduated from high school, the Society of Women Engineering gave me a scholarship, and I became one of few women in my electrical engineering major, but I worked hard to know my stuff and felt confident in my abilities. Then, when I worked with the National Security Agency, I felt empowered because I was among individuals that valued my skills and work ethic.
As the school year begins again, my advice to other women is to surround yourself with individuals that are passionate about similar interests— if they care about solving problems, there’s less time to judge you based on your gender— and finally, remember that STEM is not monolithic. If you don’t love math, you can still be a great scientist. If you hate science, you may excel at programming. Find your niche and stick with it.”
Anisha Patel, senior program manager, Raytheon Technologies
“Men and women both need to put an effort into welcoming more diversity into the STEM field, but I can only speak from my own experiences and a woman in cybersecurity. I was fortunate to have a family that pushed me towards a career in the technology sector, but not every girl or woman has that same influence in their education. If a woman has the passion and interest in technology, I encourage them to find mentors that support them. Mentors can be male or female— and although we don’t need a mentor to succeed, having someone in our corner to encourage and advocate for us is great fuel to continue pursuing STEM.
For any woman looking to enter STEM, I also encourage her to go where she is valued. As a student, go to networking events and look at who the recruiters and top leaders are. Do they look like you or at least champion the success of women in their organization? That will be very telling to the experience a woman may have breaking into the industry. It’s also important to always question gender stereotypes, because oftentimes, those are what get in the way of a woman feeling like she would belong.”
Catherine Southard, VP of engineering, D2iQ
“I’ve made major pivots throughout my career and worked across vastly different STEM organizations. My biggest takeaway is to focus on surrounding yourself with supportive colleagues and extending that support to the women around you. This has always been important to me but was heightened as I became a new mom and a new executive during the pandemic. Benefits such as flexible hours and generous maternity leave along with colleagues who understand the adjustment period of my roles are all important aspects of a supportive culture.”
Heard around the studio...
By The CyberWire staff
Our team speaks with cybersecurity leaders every day. We are fortunate to help bring their expertise to you through interviews on our podcasts. Some give opinions on the news of the day, share findings of reports, explain research their team did in tracking the latest ransomware gang, and tell details of their career journeys. We thought we would share some interesting quotes with you by a few of our guests.
"Every single company - large, small, mom and pop, big bank, big energy - they all have to defend against the Russians, the Chinese, the Iranians, the North Koreans, major criminal gangs emanating out of northeastern Europe, major criminal gangs operating out of China now, increasingly. That doesn't make sense. You can't expect a single company that's a profit-making entity whose job it is to build services for consumers or other businesses or products to also spend the kind of money it takes to go up against the nation-state or a nation-state-like attacker." – IronNet Cybersecurity's Jamil Jaffer on the Daily Podcast.
"And that became sort of my jam - my purple. So I put some purple in my hair, got some purple shirts and dresses. And I don't know. It just became this thing. And so when I first started my company, I just put shehackspurple and then .dev because developers. But then people thought it was just for women. And I was like, no, everyone is invited. So we changed it to We Hack Purple so that it would be more inclusive and everyone would know, you know, you're welcome here. You're wanted here." – We Hack Purple's Tanya Janca on CyberWire Network Podcast Security Unlocked, produced by Microsoft Security.
"You know, it's been one of those things where, you know, over the last year has certainly been hard for so many different reasons. One of the silver linings has been the ability to reach out to more - for me, it's been the ability to reach out to more students wherever they are across the country and, actually, across the globe, you know, due to the virtual format now. And so, you know, I've had the opportunity to either, you know, fill in as a professor at a university or just speak at various kinds of conferences at the universities. And, honestly, they are some of my best experiences over this last year." – Podcast Partner, Andrea Little Limbago from Interos on the Daily Podcast.
"When my siblings who are both older than I, knew my father, he worked in a "candy store" according to him, and he had business cards and so forth. That's how secretive NSA was in the times that they were growing up. That gradually changed, and I joined NSA in 1982. It still was not an openly acknowledged agency. In fact, it was "No Such Agency," but in my journey, they changed and they became an organization that was more transparent, with the with the nation on what they were doing and their role." – Northrop Grumman's Jennifer Walsmith on Career Notes.
"But then we also discovered that there was an aspect of human rights that we wanted to look at. China has been exporting digital surveillance technology. Now, what we're most concerned about is that this poses a critical privacy risk to citizens and businesses in these regions. We know that China is using surveillance technology in their own country to surveil their own citizens, to also monitor minority groups, and to quell pro-democracy movements, but they're also exporting this technology to illiberal regimes and authoritarian regimes to use in that same way." – Recorded Future's Charity Wright on Research Saturday.
We hope some of these quotes sparked your interest to explore the interviews further.
